Legal claims defining the scope of protection, as filed with the USPTO.
1. A system, comprising: a hardware processor; and logic integrated with the hardware processor, executable by the hardware processor, or integrated with and executable by the hardware processor, the logic being configured to cause the hardware processor to: receive a set of flow identifiers and associated policy identifiers from a policy server prior to receiving an overlay packet; store the set of flow identifiers and associated policy identifiers in a policy and flow database, where each flow identifier in the set of flow identifiers is unique from all other flow identifiers in the set of flow identifiers; determine a flow identifier associated with the overlay packet; analyze the policy and flow database to determine whether at least one policy identifier is associated with the flow identifier by comparing the flow identifier to the received set of flow identifiers and associated policy identifiers within the policy and flow database; apply at least one policy associated with the flow identifier in response to a determination that the at least one policy identifier is associated with the flow identifier; and send the overlay packet to a policy server for further processing in response to a determination that no flow identifier is associated with the overlay packet or in response to a determination that no policy identifier is associated with the flow identifier, wherein the flow identifier is stored in a header of the overlay packet, and wherein the flow identifier is a numeric, alphanumeric, or hexadecimal string of a predetermined length, the flow identifier being unique from all other flow identifiers in a particular overlay network and associated with an identified flow of the overlay packet.
2. The system as recited in claim 1, wherein the logic is further configured to cause the hardware processor to send the overlay packet to a destination device specified in the header of the overlay packet after applying the at least one policy.
3. The system as recited in claim 1, wherein the flow identifier is stored within an overlay network header, an outermost layer-2 header, an outermost internet protocol (IP) header, or an outermost user datagram protocol (UDP) header of the overlay packet.
4. The system as recited in claim 1, wherein the logic configured to cause the hardware processor to apply the at least one policy associated with the flow identifier is further configured to cause the hardware processor to route the overlay packet or at least one inner packet thereof to a device specified in the at least one policy.
5. A method for managing traffic in an overlay network, the method comprising: receiving a set of flow identifiers and associated policy identifiers from a policy server prior to receiving an overlay packet; storing the set of flow identifiers and associated policy identifiers in a policy and flow database, where each flow identifier in the set of flow identifiers is unique from all other flow identifiers in the set of flow identifiers; determining a flow identifier associated with the overlay packet; analyzing the policy and flow database to determine whether at least one policy identifier is associated with the flow identifier by comparing the flow identifier to the received set of flow identifiers and associated policy identifiers within the policy and flow database; applying at least one policy associated with the flow identifier in response to a determination that the at least one policy identifier is associated with the flow identifier; and sending the overlay packet to a policy server for further processing in response to a determination that no flow identifier is associated with the overlay packet or in response to a determination that no policy identifier is associated with the flow identifier, wherein the flow identifier is stored in a header of the overlay packet, and wherein the flow identifier is a string of characters of a predetermined length, the flow identifier being unique from all other flow identifiers in a particular overlay network and associated with an identified flow of the overlay packet.
6. The method as recited in claim 5, further comprising sending the overlay packet to a destination device specified in the header of the overlay packet after applying the at least one policy.
7. The method as recited in claim 5, wherein the flow identifier is stored within an overlay network header, an outermost layer-2 header, an outermost internet protocol (IP) header, or an outermost user datagram protocol (UDP) header of the overlay packet.
8. The method as recited in claim 5, wherein applying the at least one policy associated with the flow identifier comprises performing policy specific actions on the overlay packet or at least one inner packet thereof including forwarding the overlay packet or the at least one inner packet thereof to a device specified in the at least one policy.
9. A computer program product for managing traffic on an overlay network, the computer program product comprising a non-transitory computer readable storage medium having computer readable program code embodied therewith, the embodied computer readable program code comprising: computer readable program code configured to receive a set of flow identifiers and associated policy identifiers from a policy server prior to receiving an overlay packet; computer readable program code configured to store the set of flow identifiers and associated policy identifiers in a policy and flow database, where each flow identifier in the set of flow identifiers is unique from all other flow identifiers in the set of flow identifiers; computer readable program code configured to determine a flow identifier associated with the overlay packet; computer readable program code configured to analyze the policy and flow database to determine whether at least one policy identifier is associated with the flow identifier by comparing the flow identifier to the received set of flow identifiers and associated policy identifiers within the policy and flow database; computer readable program code configured to apply at least one policy associated with the flow identifier in response to a determination that the at least one policy identifier is associated with the flow identifier; and computer readable program code configured to send the overlay packet to a policy server for further processing in response to a determination that no flow identifier is associated with the overlay packet or in response to a determination that no policy identifier is associated with the flow identifier, wherein the flow identifier is stored in a header of the overlay packet, and wherein the flow identifier is a numeric, alphanumeric, or hexadecimal string of a predetermined length, the flow identifier being unique from all other flow identifiers in a particular overlay network and associated with an identified flow of the overlay packet.
10. The system as recited in claim 1, wherein: the policy and flow database comprises a plurality of bucket identifiers, where each of the plurality of bucket identifiers is associated with one of the set of flow identifiers and one of the associated policy identifiers, and points to a location where routing information related to the associated policy identifier is stored.
11. The system as recited in claim 1, wherein the set of flow identifiers include a subset of all flow identifiers for an entire overlay network that are associated with traffic of a predetermined entity.
12. The system as recited in claim 1, wherein the set of flow identifiers include a subset of all flow identifiers for an entire overlay network that are associated with traffic between a specific source and destination device.
13. The system as recited in claim 1, wherein the set of flow identifiers include a subset of all flow identifiers for an entire overlay network that are associated with a predetermined segment of the overlay network.
December 18, 2018